Primary

First Time I was Hoping to See a Fare Inspector

So I could show off my iPhone ticket. This morning I became a beta tester for the Globe Sherpa app.

I haven’t used all the bells and whistles yet, but the core functionality is pretty straightforward. I purchased four 2-hour tickets with my credit card. The app ‘stores’ these for me. I then ‘used’ one of the tickets (pictured here) for a MAX trip to North Portland.

The app can sell any kind of ticket up to a 30-day pass, for any class of rider (Adult, Youth, Honored Citizen). No Streetcar-only fares yet (but it’s in the works), but of course you can use any TriMet fare on the Streetcar.

The app also has access to TransitTracker, a trip planner and maps and schedules, but I haven’t explored these in depth yet.

About Chris Smith

Chris Smith, a citizen activist focused on transportation, neighborhoods and civic engagement, is the founder of PortlandTransport.com. He currently serves on the Portland Planning and Sustainability Commission and the board of Portland Streetcar Inc. His day job is as Site Architect for Xerox.com.

I’m certain it will be possible to fool a bus driver with a counterfeit app; but it is my understanding that fare inspectors will have automatic verification devices that will be more robust against such forgeries. (At least I hope so).

Given that, though, this may require TriMet to expand the scope of fare inspection to include more coverage of the bus system, as depending on drivers to check fares may no longer be untrustworthy. The foil-lined tickets at least are hard to fabricate (transfer slips may be another matter).

If I correctly recall a demo I saw about 6 weeks ago (made by Globe Sherpa to the Portland Streetcar CAC), one anti-fraud feature is that the ticket can be made to “blink”, not just animate, during its first few minutes of activation. This would allow fare inspectors to easily tell if a ticket was just “activated”, even without having to calculate the 2-hours. This and other features regarding display and animation are somewhat customizable with input from the transit agency.

One thing I suggested to the developers is the ability for the agency to randomize the animation and color scheme on a daily basis, sort of a “day code”, to make it difficult for counterfeiters.

At present, the “universe” for fraud is a bit small – most iPhones are not “jailbroken”, meaning that a counterfeiting app cannot be installed by the average users, and Apple would be swift to remove an offending app were one to be submitted and later discovered. Android marketplaces can be less regulated, however.

One could conceivably set up a rogue web server to generate the animations as a web page for download, but widespread use of such a server would inevitably lead to the discovery of the perpetrator or at least a way to improve the animations so that they stay a step ahead of the counterfeiters.

As Globe Sherpa’s only source of revenue is commissions on ticket sales, I’m sure they’ll want legitimate sales to be maximized and agencies to remain happy with the service, so if counterfeiting becomes a problem (or even a “perception problem”) I imagine they’ll have someone working hard on updates.

Bob and Scotty, if the rider taps the moving image at the operator’s request, it should turn on the lights in the bus. So a forger would have to not only create an animated image (complete with a proper day code and time stamp), but an image that would respond to input.

Fare inspectors can easily determine (without doing math) that the ticket has been purchased within the last four minutes, which is apparently the time it takes for a team to clear a MAX car.

Bob and Scotty, if the rider taps the moving image at the operator’s request, it should turn on the lights in the bus. So a forger would have to not only create an animated image (complete with a proper day code and time stamp), but an image that would respond to input.

Which is trivial to do. (My assumption is that it turns on the lights on the bus in the PICTURE, not that it turns on the lights on the real bus that the passenger is trying to board).

Fare inspectors can easily determine (without doing math) that the ticket has been purchased within the last four minutes, which is apparently the time it takes for a team to clear a MAX car.

Any level of security involving visual inspection only can be spoofed. Plenty of nefarious programmers out there know how to do this, it’s easy.

While perhaps not “easy”, it is a straightforward and non-trivial problem for someone with a point to prove and time on their hands. The animation is somewhat difficult, but if it doesn’t change on according to a secret daily progression, it can be duplicated by a screen capture program and/or a competent Flash animator. “If you can see it, you can save it” should be the mantra for anyone who doesn’t want their visual content duplicated or mimicked.

For awhile, you could actually generate functional fake airline boarding passes online. There may be other less-publicized sites still doing this.

Two related points here:

1. A fake TriMet phone animation won’t pass verification of the QR code by a machine reader (assuming the QR code contains info that can only be unscrambled/revealed by Globe Sherpa’s secure servers), but it could easily get someone on a bus where the driver is only giving the phone a glance. I think that’s the point of Scotty’s concern that fare inspector resources would have to be increased on buses.

2. Likewise, the fake airline boarding passes would NOT get you on a plane, because the airlines scan the tickets at boarding time and verify the purchases with their computers. However, at many airports, those fake tickets WOULD get you past security and onto the concourses, because inexplicably the TSA only did visual verification of passes and IDs, they did not scan or verify them with an actual computer.

Granted, penetrating airport security, or merely embarrassing the not-loved TSA agency, provides great motive to hackers. Saving a few bucks and still risking a fare inspection fine may not motivate someone to spoof the Globe Sherpa TriMet system.

That being said, if Globe Sherpa is successful in their mission and begins selling tickets for all kinds of businesses world-wide, they will become a bigger target for spoofing.

A final point:

All that being said, I wouldn’t blow it out of proportion. The current paper system is subject to varying types and degrees of fraud and misuse, but the abuses are relatively minor. We shouldn’t reject a new technology with many clear benefits just because of a chance for occasional fraud at the margins. We should just be aware of the possibility.